Why is there an install directory with the security patch?

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • punchbowl
    Senior Member
    • Nov 2006
    • 3903
    • 4.0.x

    Why is there an install directory with the security patch?

    Why has the 3.8 patch got an install directory yet the announcement says just upload the files.

    announcement: http://www.vbulletin.com/forum/forum...in-vbulletin-3

    I've downloaded the vBulletin 3.8.7 PL5 patch

    Also does the vulnerability require an attacker have access to the modcp directory?

  • hotshot
    Member
    • Mar 2003
    • 62
    • 3.8.x

    #2
    Same question here. I do know that you can import that Language file via the admin control. panel under Download / Upload Languages, and I think it's required to make the site secure for another problem. I'm also curious how you import the vbulletin-adminhelp.xml and vbulletin-setttings.xml that are included with the patch or what the purposes of those files are.

    Comment

    • bestmilan
      Senior Member
      • May 2007
      • 153
      • 3.8.x

      #3
      I have uploaded the vB 3.8.7 PL5 patch earlier today and since then we and our forum users have a problem with login (when you do logout of your account or try to login there is just a blank page displayed !!).... so we were forced to go back and re-installed the original files and apply the PL3 patch instead.


      Cannot seem to log in to the Forum, either on phone or any browser via computer.

      Is there a general log in problem people are having?

      I can get to the site, to the questions, but am unable to log in.
      Last edited by bestmilan; Sat 10 Jan '15, 9:42pm.
      www.legaljunkies.com

      Comment

      • hotshot
        Member
        • Mar 2003
        • 62
        • 3.8.x

        #4
        Originally posted by bestmilan
        I have uploaded the vB 3.8.7 PL5 patch earlier today and since then we and our forum users have a problem with login (when you do logout of your account or try to login there is just a blank page displayed !!).... so we were forced to go back and re-installed the original files and apply the PL3 patch instead.


        Didn't have this problem on our site. Users can login/logout with no problem.

        Comment

        • bestmilan
          Senior Member
          • May 2007
          • 153
          • 3.8.x

          #5
          Thanks for the reply !!

          We have also vBSEO and the "admin log in as user" plugin installed on our forums but I am not sure if that has anything to do with the login issue....
          www.legaljunkies.com

          Comment

          • Wayne Luke
            vBulletin Technical Support Lead
            • Aug 2000
            • 73976

            #6
            PL5 contains the files of the previous patches as well. This has been standard operating procedure for well over a decade. The current exploit only involves the ModCP.

            Patches are not tested with addons.
            Translations provided by Google.

            Wayne Luke
            The Rabid Badger - a vBulletin Cloud demonstration site.
            vBulletin 5 API

            Comment

            • hotshot
              Member
              • Mar 2003
              • 62
              • 3.8.x

              #7
              Originally posted by Wayne Luke
              PL5 contains the files of the previous patches as well. This has been standard operating procedure for well over a decade. The current exploit only involves the ModCP.

              Patches are not tested with addons.

              how you import the vbulletin-adminhelp.xml and vbulletin-setttings.xml that are included with the patch in the installl folder or what are the purposes of those files?

              Comment

              • Zachery
                Former vBulletin Support
                • Jul 2002
                • 59097

                #8
                You would run the upgrader, if you wanted to reimport those files.

                Comment

                • hotshot
                  Member
                  • Mar 2003
                  • 62
                  • 3.8.x

                  #9
                  Originally posted by Zachery
                  You would run the upgrader, if you wanted to reimport those files.
                  What upgrader? In the past you would go to http://www.yoursite.com/install however there are only three XML files in that folder so there is nothing to run.

                  Comment

                  • Zachery
                    Former vBulletin Support
                    • Jul 2002
                    • 59097

                    #10
                    If you're overly worried, download the full 3.8.7 version (with the included patches) and run the upgrader.

                    Comment

                    • hotshot
                      Member
                      • Mar 2003
                      • 62
                      • 3.8.x

                      #11
                      Originally posted by Zachery
                      If you're overly worried, download the full 3.8.7 version (with the included patches) and run the upgrader.
                      I'm not "overly worried" about a forum software. Ironic, I tweeted about this topic earlier today. :-) https://twitter.com/ActorMikeBiddle/

                      Are you inferring that the vbulletin-adminhelp.xml and vbulletin-setttings.xml don't really need to be installed? I did import the language file in the install folder. Thanks for clarifying that it is not possible to run the upgrade with the patch.

                      Comment

                      • bestmilan
                        Senior Member
                        • May 2007
                        • 153
                        • 3.8.x

                        #12
                        Does the vB 3.8.7 PL5 patch (or PL4 patch) require to run PHP 5?

                        Thanks for the info about the latest patch...

                        Originally posted by Wayne Luke
                        PL5 contains the files of the previous patches as well. This has been standard operating procedure for well over a decade. The current exploit only involves the ModCP.

                        Patches are not tested with addons.
                        www.legaljunkies.com

                        Comment

                        • Zachery
                          Former vBulletin Support
                          • Jul 2002
                          • 59097

                          #13
                          I don't believe so, are you getting error messages?

                          Comment

                          • Wayne Luke
                            vBulletin Technical Support Lead
                            • Aug 2000
                            • 73976

                            #14
                            Minimum version for 3.8.7 is PHP 5.2, I believe. You would need 3.8.8 if you're using PHP 5.4 and 3.8.9 if you're using 5.5
                            Translations provided by Google.

                            Wayne Luke
                            The Rabid Badger - a vBulletin Cloud demonstration site.
                            vBulletin 5 API

                            Comment

                            • makaiguy
                              Senior Member
                              • May 2004
                              • 125
                              • 3.8.x

                              #15
                              Was running 3.8.7 PL4. Have now installed patch as instructed. Now in AdminCP version says "You are currently running vBulletin version ADMIN_VERSION_VBULLETIN.". Is this as it should be?
                              Doug Wilson
                              Administrator, Timeshare Users Group bbs

                              Comment

                              Related Topics

                              Collapse

                              Working...